Stop sending PHI over SFTP
MnemoShare replaces static credentials and standing access with identity-bound, ephemeral exchange — giving your compliance team defensible evidence, not just checkbox answers.
Designed for organizations operating under HIPAA, HITRUST, and state-level health data privacy laws.
Privacy & Security Rule
CSF Certification
Type II
Substance Use Records
The SFTP problem in healthcare
Healthcare organizations exchange PHI with payers, clearinghouses, labs, vendors, and partners daily. Most still use SFTP — a protocol built before HIPAA existed.
Legacy SFTP Approach
- ✕ Shared credentials that never expire
- ✕ No identity verification — anyone with the key gets in
- ✕ Minimal audit trail — no evidence of who accessed what
- ✕ No PHI detection or content scanning
- ✕ Manual key rotation (if it happens at all)
MnemoShare Approach
- Ephemeral credentials that expire automatically
- Identity-bound access — every action tied to a verified person
- Immutable, evidence-grade audit trail
- Real-time PHI/PII detection and malware scanning
- No credentials to rotate — nothing to steal
Built for healthcare data exchange
Every feature designed around the specific needs of covered entities and business associates.
Dynamic Questionnaires
Require recipients to answer configurable questions before accessing files — verifying authorization, confirming identity, and documenting consent at the point of access.
AES-256-GCM Encryption
Application-layer encryption with customer-controlled keys. Data is encrypted before it reaches storage — not just by the cloud provider's infrastructure encryption.
PHI Detection
Automated scanning detects protected health information in uploaded files. Combined with ClamAV virus scanning via ICAP for comprehensive content inspection.
WORM Audit Export
Export audit events to customer-managed, WORM-capable storage. Retention enforced externally, beyond administrative tampering. Designed for investigations and compliance audits.
SSO & MFA Enforcement
Integrate with your existing identity provider — Azure AD, Okta, Ping, Google. Enforce MFA for all users. Optional hardware-backed mTLS for highest assurance.
Self-Hosted or SaaS
Deploy in your own infrastructure for full data sovereignty, or use our managed SaaS. Either way, encryption keys and audit data stay under your control.
Common healthcare use cases
Provider ↔ Payer Exchange
Claims submissions, remittance advice, eligibility files, and prior authorization documents exchanged between providers and health plans — with full audit trail and encryption.
Replaces: SFTP, secure email, MFT appliances
Lab Results & Reports
Laboratory results, pathology reports, and diagnostic imaging shared between labs, hospitals, and clinics — with identity verification at the point of download.
Replaces: Direct messaging gaps, fax, portal logins
Business Associate Exchanges
Data exchanges with billing companies, IT vendors, analytics partners, and managed service providers — documented per BAA requirements with tamper-evident audit logs.
Replaces: Shared drives, cloud folders, email attachments
Clinical Trial Data
Research data, case report forms, and adverse event reports shared between sites, sponsors, and CROs — with configurable access controls and evidence-grade logging.
Replaces: Custom portals, secure FTP, encrypted email
HIPAA Security Rule alignment
MnemoShare is designed to support the technical safeguards required by the HIPAA Security Rule (45 CFR § 164.312).
| Safeguard | MnemoShare Control |
|---|---|
| Access Control (§164.312(a)) | Identity-bound ephemeral credentials, SSO/MFA enforcement, role-based access |
| Audit Controls (§164.312(b)) | Immutable audit events, WORM export, SIEM integration, tamper-evident sequencing |
| Integrity Controls (§164.312(c)) | SHA-256 file checksums, AES-256-GCM authenticated encryption |
| Person Authentication (§164.312(d)) | SSO, TOTP MFA, optional hardware mTLS (FIPS 140-3 ready) |
| Transmission Security (§164.312(e)) | TLS 1.3 in transit, application-layer encryption at rest |
MnemoShare does not claim HIPAA certification (no such certification exists). The platform provides technical controls that support compliance — your organization remains responsible for administrative safeguards, policies, and risk assessment.
Business Associate Agreements
MnemoShare executes Business Associate Agreements (BAAs) with SaaS customers. For self-hosted deployments, MnemoShare does not access, process, or store customer ePHI — the platform runs entirely within your infrastructure. BAAs are available as an add-on for SaaS tiers that require them.
Ready to replace SFTP for healthcare data exchange?
See how MnemoShare supports HIPAA compliance with identity-bound access, encryption, and immutable audit trails.